Overview

This deployment example is to demonstrate switch VLAN configurations for UniFi APs.

WARNING: Commands for 3rd party hardware are provided as is, and are subject to change without notice.

This is for demonstration ONLY and experienced IT should already be familiar with below contents. We are NOT suggesting how your network should be configured, and we will NOT support if these switch configurations failed your network. The reader of this document is expected to have VLAN and switch knowledge. Remember, this is an EXAMPLE, please think through first and make sure the configuration is properly modified according to your environment before applying.

Table of Contents

Deployment

In this example, we will trunk 4 different switches (Netgear, HP, Cisco, D-Link) and use airRouter as the DHCP server also the gateway to internet. We choose 4 different switch brands to demonstrate UAP interoperability. We will create 4 WLANs (vlan10_mgmt, vlan20_user, vlan30_finance, vlan40_guest) in 4 different VLAN id (10, 20, 30, 40) each. To make things a little bit more complicated, we didn't use the default VLAN 1, but set VLAN 10 to be untagged to carry UniFi AP management traffic. It shall be fairly easy for readers to change management VLAN from VLAN 10 back to use default VLAN 1. In the end, a UAP can be plugged into any of these switches to provide wireless connectivity.

VLAN trunking across multiple switches with airRouter (DHCP server) at top of network topology and UAPs at network end, providing wireless access to users.

Network VLAN & IP range

Management, VLAN 10, 10.0.10.x

User, VLAN 20, 10.0.20.x

Finance, VLAN 30, 10.0.30.x

Guest, VLAN 40, 10.0.40.x

Management IP addresses for various routers

airRouter 10.0.10.1

Netgear GS748TP 10.0.10.2

UniFi controller 10.0.10.3

HP ProCurve 2650-PWR 10.0.10.4

Cisco 2970 switch 10.0.10.6

D-Link DGS-3120-24PC 10.0.10.7

Configurations for the various equipment are outlined below.

airRouter

The airRouter is running v5.5 or above.

We will use airRouter in SOHO Router mode for simplification. We will leverage it as the gateway, NAT and the DHCP server for for all VLANs. We are NOT going to use its Wireless capability in this example since that is not our main focus here.

Following airRouter user guide, plug in the laptop into one of the ports. Set the laptop and the airRouter in the same subnet. We can then configure airRouter through web browser in its default IP address.

"Network" tab

Set Network Mode to "SOHO Router"

Choose "Advanced" Configuration Mode

Set your WAN according to your WAN connection. In our setup, I choose DHCP.

Expand "LAN Network Settings"

IP Address: 10.0.0.1 (We don't really use this part in this example)

Netmask: 255.255.255.0

DHCP Server: Enabled

Range Start: 10.0.0.100

Range Stop: 10.0.0.254

Netmask: 255.255.255.0

Primary DNS: x.x.x.x

Secondary DNS: 8.8.8.8

Expand "VLAN Network"

Add "LAN1", "10", "Management"

Add "LAN1", "20", "User"

Add "LAN1", "30", "Finance"

Add "LAN1", "40", "Guest"

In "LAN Network Settings"

Add LAN "LAN1.10"

Add LAN "LAN1.20"

Add LAN "LAN1.30"

Add LAN "LAN1.40"

For LAN Interface LAN1.10

IP Address: 10.0.10.1

Netmask: 255.255.255.0

DHCP Server: Enbled

Range Start: 10.0.10.100

Range Stop: 10.0.10.254

Netmask: 255.255.255.0

DNS Proxy: Enable

For LAN Interface LAN1.20

IP Address: 10.0.20.1

Netmask: 255.255.255.0

DHCP Server: Enbled

Range Start: 10.0.20.100

Range Stop: 10.0.20.254

Netmask: 255.255.255.0

DNS Proxy: Enable

For LAN Interface LAN1.30

IP Address: 10.0.30.1

Netmask: 255.255.255.0

DHCP Server: Enbled

Range Start: 10.0.30.100

Range Stop: 10.0.30.254

Netmask: 255.255.255.0

DNS Proxy: Enable

For LAN Interface LAN1.40

IP Address: 10.0.40.1

Netmask: 255.255.255.0

DHCP Server: Enbled

Range Start: 10.0.40.100

Range Stop: 10.0.40.254

Netmask: 255.255.255.0

DNS Proxy: Enable

Netgear GS748TP

Port 1 and 2 will be our trunk. Port 2 is connected to the airRouter and port 1 will be connected to the next switch.

In this example, we will reserve port 3 to 12 for server usage. In other words, we will not touch these ports configuration.

We will set port 13 to port 48 as our AP ports. These will have untagged VLAN 10 and tagged VLAN 20,30,40.

Connecting laptop (static IP to 192.168.0.100, e.g.) to the Netgear switch, port 1 is the one I am connecting to, using default IP and password

Eventually we are putting management network onto vlan id 10, but no rush into configuring management IP, we need to make sure that ports are configured properly first.

Change laptop IP to DHCP, and then connect the laptop to port 13 (or any other port between 13 - 48). The laptop should get a 10.0.10.x IP address.

Now we can connect back to switch (10.0.10.2) using browser

We can now change the PVID of ports 1 to 12 also to VLAN id 10. All 48 ports can be configure at one time, so it is actually not really required to do configure PVID twice, but it is safer to do it this way. In the case of mis-configuration of the ports, we can still have a connection back to the Netgear switch.

Now we are all set, we shall be able to plug in an AP (on port 13 to 48) and configure multiple SSIDs in different VLANs.

UniFi controller

AP adoption process has been described in user guide and FAQ, and we will omit those steps here.

To create WLAN, go to “Settings” > “Wireless Networks” on the controller.

Create WLAN “vlan10_mgmt” (e.g.), wpa-psk security. Do NOT set VLAN ID. This is because the VLAN 10 is already untagged on the AP plugged-in ports so we will let switch take care of that.

Wait for the config provision to AP and you should these 4 SSIDs being broadcasted in the air.

Use a laptop to connect to each WLAN and verify if the laptop can get a corresponding DHCP IP address.

vlan10_mgmt 10.0.10.x

vlan20_user 10.0.20.x

vlan30_finance 10.0.30.x

vlan40_guest 10.0.40.x

Now you are all set with WLAN creation.

HP ProCurve 2650-PWR

We will add this HP switch into the network

Since most ports are mainly 10/100, the plan is to do a trunk to link between HP [port 49 (Gigabit)] and Netgear switch [port 1], and allows AP to be connected on port 13 to 48. We will also set port 50 to be trunk so that it can connect to the Cisco switch later.

Follow manuals for initial setup. I temporary connect HP switch [port 1] to airRouter [port 3] to get an IP and use that to manage the switch.